package com.bw.hxc.config;



import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;

import javax.sql.DataSource;

@Configuration
public class MySecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    DataSource dataSource;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication().dataSource(dataSource)
                .usersByUsernameQuery("select username,password,enabled  from tb_user where username =?")
                .authoritiesByUsernameQuery("select username,authority from tb_authority where username =?")
                .passwordEncoder(NoOpPasswordEncoder.getInstance());
//        super.configure(auth);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
//        super.configure(http);
        http.authorizeRequests()
                .antMatchers("/login","/user/noLogin","/user/save").permitAll()
                .antMatchers("/**").authenticated()
                .and()
                .formLogin().loginPage("/user/noLogin")
                .loginProcessingUrl("/myProcessLogin")
                .successForwardUrl("/user/loginOk")
                .failureForwardUrl("/user/loginFailed")
                .and()
                .logout()
                .logoutUrl("/myLogOut")
                ;
        http.headers().cacheControl();//不需要缓存
        http.csrf().disable();//禁用跨域攻击
        http.cors();//允许跨域访问
    }
}
